ioc[.]one - OSINT Cyber Threat Intelligence Database

Show in Graph

Common Information

Type	Value
Value	Malvertising - T1583.008
Category	Attack-Pattern
Type	Mitre-Attack-Pattern
Misp Type	Cluster
Description	Adversaries may purchase online advertisements that can be abused to distribute malware to victims. Ads can be purchased to plant as well as favorably position artifacts in specific locations online, such as prominently placed within search engine results. These ads may make it more difficult for users to distinguish between actual search results and advertisements.(Citation: spamhaus-malvertising) Purchased ads may also target specific audiences using the advertising network’s capabilities, potentially further taking advantage of the trust inherently given to search engines and popular websites. Adversaries may purchase ads and other resources to help distribute artifacts containing malicious code to victims. Purchased ads may attempt to impersonate or spoof well-known brands. For example, these spoofed ads may trick victims into clicking the ad which could then send them to a malicious domain that may be a clone of official websites containing trojanized versions of the advertised software.(Citation: Masquerads-Guardio)(Citation: FBI-search) Adversary’s efforts to create malicious domains and purchase advertisements may also be automated at scale to better resist cleanup efforts.(Citation: sentinelone-malvertising) Malvertising may be used to support [Drive-by Target](https://attack.mitre.org/techniques/T1608/004) and [Drive-by Compromise](https://attack.mitre.org/techniques/T1189), potentially requiring limited interaction from the user if the ad contains code/exploits that infect the target system's web browser.(Citation: BBC-malvertising) Adversaries may also employ several techniques to evade detection by the advertising network. For example, adversaries may dynamically route ad clicks to send automated crawler/policy enforcer traffic to benign sites while validating potential targets then sending victims referred from real ad clicks to malicious pages. This infection vector may therefore remain hidden from the ad network as well as any visitor not reaching the malicious sites with a valid identifier from clicking on the advertisement.(Citation: Masquerads-Guardio) Other tricks, such as intentional typos to avoid brand reputation monitoring, may also be used to evade automated detection.(Citation: spamhaus-malvertising)

Details		Published	Attributes	Title
Details	Website	2023-01-05	0	FBI warns of imposter ads in search results
Details	Website	2022-12-31	2	Copper Mountain Mine victim of ransomware attack in Princeton \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware - National Cyber Security
Details	Website	2022-12-30	3	New Linux malware uses 30 plugin exploits to backdoor WordPress sites
Details	Website	2022-12-29	61	Searching a Software? Be Aware Where You Click, You May Get Malware \| OSArmor Blog
Details	Website	2022-12-29	0	New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software
Details	Website	2022-12-27	2	IcedID Botnet Detection: Malvertising Attacks Abusing Google Pay-Per-Click (PPC) Ads - SOC Prime
Details	Website	2022-12-27	0	HUMAN's 10th Year By the Numbers
Details	Website	2022-12-27	0	HUMAN's 10th Year By the Numbers
Details	Website	2022-12-27	16	Cerber Ransomware Explained: How to Protect, Detect, and Recover
Details	Website	2022-12-24	2	FBI issues urgent cybersecurity alert today related to online retail scams \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware - National Cyber Security
Details	Website	2022-12-23	2	Top 10 Risks in Cyber Security
Details	Website	2022-12-23	10	IcedID Botnet Distributors Abuse Google PPC to Distribute Malware
Details	Website	2022-12-22	31	Monthly Threat Actor Group Intelligence Report, October 2022 (ENG) – Red Alert
Details	Website	2022-12-21	5	SEO Poisoning Attack Linked to 144,000 Phishing Packages
Details	Website	2022-12-21	2	Play ransomware group claims to have stolen hotel chain data
Details	Website	2022-12-15	1	Top 10 Malware Campaigns against WordPress, Drupal and Joomla websites in 2018
Details	Website	2022-12-08	16	Russia’s Second-Largest Bank Taken Down By Massive DDoS Attack:VTB Bank
Details	Website	2022-12-01	0	6 Tell-Tale Signs Of An Unsafe Website - TechShout
Details	Website	2022-11-30	0	Crafty threat actor uses 'aged' domains to evade security platforms
Details	Website	2022-11-29	5	CashRewindo: How to age domains for an investment scam like fine scotch
Details	Website	2022-11-23	1	Google Ads Used to Distribute Royal Ransomware in Malvertising Campaign \| IT Security News
Details	Website	2022-11-22	57	Scammers capitalize on Black Friday week with massive malvertising campaign
Details	Website	2022-11-21	3	Luna Moth's callback phishing. Mustang Panda activity. DEV0569's malvertising. US indicts 10 in BEC case. Cyber auxiliaries.
Details	Website	2022-11-21	2	Ransomware Group DEV-0569 Exhibits Remarkable Innovation, Microsoft Issues a Warning \| IT Security News
Details	Website	2022-11-20	1	Making ransom payment illegal? Google Ads distribute ransomware, “sowing Discord” and more – This Week In Ransomware – Sunday, Nov. 20th 2022 \| IT World Canada News